Online shoppers are being warned by the Australian Federal Police (AFP) to be alert to fake delivery scams that could cost unwary victims thousands of dollars.
Commander of Cybercrime Operations with AFP, Chris Goldsmid said December was often the busiest time of year for most people and cyber criminals would attempt to exploit victims who might be stressed and less attentive to details.
“Cyber criminals often impersonate trusted brands, such as legitimate parcel delivery services, to send messages designed to trick consumers into clicking on URLs containing harmful malware or providing personal information,” Commander Goldsmid said.
“This may include a technique called ‘spoofing’ in which cyber criminals make their messages look legitimate by using real company logos and fake sender details,” he said.
“The messages will often ask you to click a link to track your package, confirm your delivery address, re-direct your package or collect your package.”
Commander Goldsmid said that once a consumer clicked on a link, they may be taken to a fake company website where they were asked to enter personal or financial details to complete their delivery.
As well as providing criminals with sensitive information, he said clicking the link may lead to the installation of harmful malware on personal devices.
“Easy red flags to look out for include requests for your personal or financial information to confirm your order, an unexplained sense of urgency in the request, grammatical errors and suspicious URLs,” Commander Goldsmid said.
“Taking a few minutes to confirm the legitimacy of a message could save you thousands of dollars,” he said.
“If you’ve received one of these messages, do not click the link as doing so can lead to the installation of malware on your device, which can access your personal data and infect your device.”
Commander Goldsmid said most delivery services would never text or email their customers to request personal or financial information.
“If something doesn’t feel right, take the time to verify the request with the organisation using contact information listed on their website,” he said
“If you receive one of these scam texts or emails do not click on any links, report it to Scamwatch, block the sender and delete the message immediately,” he said.